-
-
Notifications
You must be signed in to change notification settings - Fork 209
Expand file tree
/
Copy path.gitleaks.toml
More file actions
34 lines (32 loc) · 1.05 KB
/
.gitleaks.toml
File metadata and controls
34 lines (32 loc) · 1.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Gitleaks configuration for Pulse
# https://github.com/gitleaks/gitleaks
#
# Extends the default ruleset (AWS, GCP, Stripe, OpenAI, private keys, etc.)
# with allowlists to suppress false positives from test fixtures, docs, and templates.
[extend]
useDefault = true
[allowlist]
paths = [
# Template/example files with placeholder credentials
'''\.env\.example$''',
'''mock\.env$''',
# Test files use fake tokens, keys, and credentials throughout
'''_test\.go$''',
'''_test\.ts$''',
'''tests/integration/''',
# tmp/ is gitignored but shows up in --no-git scans
'''^tmp/''',
]
regexTarget = "match"
regexes = [
# PULSE_LICENSE_PUBLIC_KEY is an env var name, not a secret value
'''PULSE_LICENSE_PUBLIC_KEY''',
# Documentation placeholder tokens in curl examples
'''your-token''',
'''your-api-token''',
'''your-original-token''',
# Dev credentials documented in CLAUDE.md and scripts (admin:admin)
'''admin:admin''',
# E2E test bootstrap token (deterministic, not a real secret)
'''0123456789abcdef''',
]